In a complex phishing scam, a crypto user lost a whopping $908,551, 15 months after inadvertently signing a malicious approval transaction. The perpetrator, linked to an ERC-20 approval transaction, presumably signed via a bogus site or counterfeit airdrop, was granted access to the victim’s funds. The scammer’s wallet, known as “0x67E5Ae”, launched this attack, with onchain data evidence confirming the theft.
The infamous wallet address pink-drainer.eth executed the heist on August 2nd, around 5 am UTC, almost 458 days since the victim had signed the phishing approval transaction on April 30, 2024. During this scam, the offender made off with about $908,551 worth of USDC stablecoin, reported by Scam Sniffer.
Scam Sniffer cautioned crypto users to frequently review and revoke outdated approvals due to this security incident, with a reminder that “your wallet security matters.” The platform emphasized the importance of ensuring the safety of one’s funds.
Interestingly, the victim’s compromised wallet was untouched until a month prior to the attack with minimal transaction activity, indicating no incentive for the attacker to act. This changed on July 2nd, when the victim deposited $762,397 into the compromised wallet, followed by another deposit of $146,154 from a separate Kraken wallet.
The offender patiently monitored the account, waiting for additional transactions, then proceeded to drain the funds in a single transaction on August 2nd. This slow and patient approach is a characteristic of phishing approval attacks. The scammer tends to be dormant and strikes when the account is worth hacking.
Preventive measures to such heists can involve Ethereum users utilizing the Etherscan’s Token Approval Checker to retract unnecessary token approvals. However, each revocation demands a gas fee. The rising number of attacks on crypto users is a matter of concern. An alarming theft of $142 million across 17 separate attacks in July demonstrates the need for better security, with the hack of CoinDCX crypto exchange causing the most significant loss.